Hello,

Please help me with an issue. I've just installed PacketFence and integrated it
with a Windows AD domain. I can do AD queries. I use a Cisco SG300 switch which
sends the EAP requests to PacketFence.
I see with tcpdump that requests are coming to PacketFence, but there is no
response to the switch.

RADIUS, Access Request (1), id: 0x8b length: 137

When I run the command: sudo netstat -nap | grep radius

I get this:
udp        0      0 127.0.0.1:56159         127.0.0.1:8125          ESTABLISHED 2866/freeradius
udp        0      0 127.0.0.1:43991         127.0.0.1:8125          ESTABLISHED 2866/freeradius
udp        0      0 0.0.0.0:1103            0.0.0.0:*                           2866/freeradius
udp        0      0 0.0.0.0:38039           0.0.0.0:*                           2866/freeradius
udp        0      0 127.0.0.1:18120         0.0.0.0:*                           2880/freeradius
udp        0      0 10.1.12.52:1812         0.0.0.0:*                           2880/freeradius
udp        0      0 10.1.12.52:1813         0.0.0.0:*                           2866/freeradius
udp        0      0 10.1.12.52:1814         0.0.0.0:*                           2880/freeradius
udp        0      0 0.0.0.0:49196           0.0.0.0:*                           2880/freeradius
udp        0      0 127.0.0.1:47188         127.0.0.1:8125          ESTABLISHED 2880/freeradius
udp        0      0 127.0.0.1:55612         127.0.0.1:8125          ESTABLISHED 2880/freeradius


I tried to do a query with this actual command (I don't have a user like that): 
radtest dd9999 Abcd1234 localhost:18120 12 testing123
Sending Access-Request of id 189 to 127.0.0.1 port 18120
        User-Name = "dd9999"
        User-Password = "Abcd1234"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 12
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=189, length=20

Anything that I can check? The problem is that the switch is not getting an EAP
Radius-Access-Challenge response message and the VLAN cannot be set.

Also please confirm if I understand it correctly: the switch uses 802.1x auth with
freeradius, packetfence is checking the AD, and if the user or machine is in the AD
it is setting the correct VLAN. Maybe some other checks are also made, like
whether the firewall is on, etc.

Thanks for any help, I'd really appreciate it as I'm new to this system but I 
have to make it work.

Gábor Barócsi
Network and System Engineer
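
An added example, not part of the original post and not PacketFence or FreeRADIUS code: a small Python probe that sends the kind of packet an 802.1X switch sends (an Access-Request carrying EAP-Response/Identity plus a Message-Authenticator) and reports whether the server answers with an Access-Challenge, answers with something else, or stays silent. RFC 2865 has a server silently discard requests from a client it shares no secret with, which is why a timeout is reported as its own outcome. The host, port, secret and identity in the `__main__` block are placeholders, and the NAS-Identifier "probe" is an arbitrary constructed value.

```python
import hashlib, hmac, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def build_eap_request(identity: bytes, secret: bytes, pkt_id: int, req_auth: bytes) -> bytes:
    """Access-Request carrying EAP-Response/Identity, as an 802.1X authenticator sends it."""
    eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity
    # User-Name (1), NAS-Identifier (32), EAP-Message (79), Message-Authenticator (80, zeroed)
    attrs = attr(1, identity) + attr(32, b"probe") + attr(79, eap) + attr(80, b"\x00" * 16)
    pkt = struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + req_auth + attrs
    # RFC 3579: HMAC-MD5 over the whole packet with the Message-Authenticator zeroed.
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """RFC 2865 Response Authenticator: MD5(code, id, length, request auth, attrs, secret)."""
    if len(reply) < 20:
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def probe(host: str, port: int, secret: bytes, identity: bytes, timeout: float = 3.0) -> str:
    """Send one EAP identity request and classify the outcome."""
    req_auth = os.urandom(16)
    pkt = build_eap_request(identity, secret, os.urandom(1)[0], req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(pkt, (host, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout, or ICMP unreachable on some platforms
            return "no reply: request dropped (unknown client or wrong secret?)"
    if not reply_is_authentic(reply, req_auth, secret):
        return "reply fails authenticator check: shared secret mismatch"
    return CODES.get(reply[0], "unexpected code %d" % reply[0])

if __name__ == "__main__":
    # Placeholder values: use the server's auth listener and a secret configured for this host.
    print(probe("127.0.0.1", 1812, b"placeholder-secret", b"testuser"))
```
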







_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
